vyatta-cfg-firewall (0.14.0+vyos2+current2) unstable; urgency=medium

  * T59: Inspect action still exists in firewall and should be removed

 -- hagbard <vyos.dev@derith.de>  Fri, 26 Oct 2018 11:54:38 -0700

vyatta-cfg-firewall (0.14.0+vyos2+current1) unstable; urgency=medium

  [ Thomas Jepp ]
  * Fix build depends.
  * Fix runtime depends.

  [ Kim Hagen ]

 -- Kim Hagen <kim.sidney@gmail.com>  Sun, 24 Jan 2016 15:00:40 -0500

vyatta-cfg-firewall (0.14.0+vyos2+lithium16) unstable; urgency=low

  [ Alex Harpin ]
  * vyatta-cfg-firewall: update network-group check to allow "this" network
  * vyatta-cfg-firewall: formatting changes for style consistency

 -- Alex Harpin <development@landsofshadow.co.uk>  Sat, 12 Dec 2015 20:13:00 +0000

vyatta-cfg-firewall (0.14.0+vyos2+lithium15) unstable; urgency=low

  [ Alex Harpin ]
  * vyatta-cfg-firewall: drop executable permissions on node.defs
  * vyatta-cfg-firewall: check rules for errors before processing them
  * vyatta-cfg-firewall: formatting changes for style consistency
  * vyatta-cfg-firewall: update nfct commands to use the new syntax

 -- Alex Harpin <development@landsofshadow.co.uk>  Sun, 29 Nov 2015 18:51:08 +0000

vyatta-cfg-firewall (0.14.0+vyos2+lithium14) unstable; urgency=low

  [ Alex Harpin ]
  * vyatta-cfg-firewall: temporarily disable p2p option in firewall config

 -- Alex Harpin <development@landsofshadow.co.uk>  Sat, 24 Oct 2015 11:29:12 +0100
 
vyatta-cfg-firewall (0.14.0+vyos2+lithium13) unstable; urgency=low

  * vyatta-cfg-firewall: add port 1536 to the initial ct helper chain

 -- Alex Harpin <development@landsofshadow.co.uk>  Wed, 24 Jun 2015 08:13:39 +0100
 
vyatta-cfg-firewall (0.14.0+vyos2+lithium12) unstable; urgency=low

  * vyatta-cfg-firewall: update dh_gencontrol with new development flag

 -- Alex Harpin <development@landsofshadow.co.uk>  Mon, 15 Jun 2015 08:16:45 +0100
 
vyatta-cfg-firewall (0.14.0+vyos2+lithium11) unstable; urgency=low

  * Missing comma in gen-interface-templates script interface hash.

 -- Daniil Baturin <daniil@baturin.org>  Thu, 14 May 2015 15:40:27 +0200

vyatta-cfg-firewall (0.14.0+vyos2+lithium10) unstable; urgency=low

  [ Carl Byington ]
  * add firewall config for vrrp interfaces
  * add firewall config for vrrp interfaces
  * add interfaces/vti/<intf>/policy add
    interfaces/ethernet/<intf>/vrrp/vrrp-group/policy remove
    interfaces/ethernet/<intf>/pppoa
  * fix syntax error from sorting
  * fix syntax error from sorting
  * http://bugzilla.vyos.net/show_bug.cgi?id=494

  [ Daniil Baturin ]

 -- Daniil Baturin <daniil@baturin.org>  Sun, 03 May 2015 23:42:07 +0200

vyatta-cfg-firewall (0.14.0+vyos2+lithium9) unstable; urgency=low

  * Bug #406: display uncommited firewall group names in completion.

 -- Daniil Baturin <daniil@baturin.org>  Sun, 03 May 2015 20:26:36 +0200

vyatta-cfg-firewall (0.14.0+vyos2+lithium8) unstable; urgency=low

  * Sanitize the package.

 -- Daniil Baturin <daniil@baturin.org>  Thu, 09 Apr 2015 01:01:41 +0200

vyatta-cfg-firewall (0.14.0+vyos2+lithium7) unstable; urgency=low

  [ kouak ]
  * Add SNPT and DNPT firewall hooks and load ip6t_NPT kernel module
    (#387)

  [ Daniil Baturin ]

 -- Daniil Baturin <daniil@baturin.org>  Tue, 17 Feb 2015 09:55:08 +0100

vyatta-cfg-firewall (0.14.0+vyos2+lithium6) unstable; urgency=low

  * Bug #487: complete names for added but not commited firewall
    rulesets.

 -- Daniil Baturin <daniil@baturin.org>  Sat, 14 Feb 2015 20:45:34 +0100

vyatta-cfg-firewall (0.14.0+vyos2+lithium5) unstable; urgency=low

  * Update maintainer address

 -- Alex Harpin <development@landsofshadow.co.uk>  Thu, 25 Dec 2014 14:11:08 +0000
 
vyatta-cfg-firewall (0.14.0+vyos2+lithium4) unstable; urgency=low

  * Force release

 -- Alex Harpin <development@landsofshadow.co.uk>  Mon, 15 Dec 2014 19:19:07 +0000
 
vyatta-cfg-firewall (0.14.0+vyos2+lithium3) unstable; urgency=low

  [ William Steve Applegate ]
  * Fix missing autogenerated chain for IPv6 policy routing.

  [ Daniil Baturin ]

 -- Daniil Baturin <daniil@baturin.org>  Fri, 21 Nov 2014 18:56:33 +0100

vyatta-cfg-firewall (0.14.0+vyos2+lithium2) unstable; urgency=low

  * New branch

 -- Daniil Baturin <dmbaturin@squeeze32devel.multi.eu>  Tue, 18 Nov 2014 18:49:38 +0100

vyatta-cfg-firewall (0.14.0+vyos2+lithium1) unstable; urgency=low

  * New branch

 -- Daniil Baturin <daniil@baturin.org>  Tue, 18 Nov 2014 18:48:30 +0100

vyatta-cfg-firewall (0.13.91+vyos1+helium8) unstable; urgency=low

  * Add VXLAN to generated templates.

 -- Daniil Baturin <daniil@baturin.org>  Sat, 20 Sep 2014 10:09:34 +0200

vyatta-cfg-firewall (0.13.91+vyos1+helium7) unstable; urgency=low

  * Bug #115: disallow reserved firewall names in CLI validation.

 -- Daniil Baturin <daniil@baturin.org>  Sat, 02 Aug 2014 02:25:10 +0200

vyatta-cfg-firewall (0.13.91+vyos1+helium6) unstable; urgency=low

  * Bug #128: do not call ipset for every port/address in range.

 -- Daniil Baturin <daniil@baturin.org>  Sat, 02 Aug 2014 00:07:08 +0200

vyatta-cfg-firewall (0.13.91+vyos1+helium5) unstable; urgency=low

  * Bug #45: add port range validation script.
  * Bug #45: add port range validation to firewall templates.

 -- Daniil Baturin <daniil@baturin.org>  Fri, 01 Aug 2014 22:15:54 +0200

vyatta-cfg-firewall (0.13.91+vyos1+helium4) unstable; urgency=low

  [ Daniil Baturin ]
  * Bug #144: change priorities so route policy is after firewall groups

  [ Kim Hagen ]
  * Add QinQ to interfaces in template generators.
  * Add QinQ to interfaces in template generators node hashes.
  * Set separate virual interface for QinQ.

  [ Daniil Baturin ]
  * Bug #108: add an option to enable RFC1337 TCP TIME-WAIT hazards
    protection

 -- Daniil Baturin <daniil@baturin.org>  Thu, 31 Jul 2014 20:59:45 +0200

vyatta-cfg-firewall (0.13.91+vyos1+helium3) unstable; urgency=low

  * Bug #170: add L2TPv3 interface type to policy template generator.

 -- Daniil Baturin <daniil@baturin.org>  Sun, 06 Apr 2014 15:52:12 +0200

vyatta-cfg-firewall (0.13.91+vyos1+helium2) unstable; urgency=low

  * Bug #170: add L2TPv3 interface type to firewall templates generator.

 -- Daniil Baturin <daniil@baturin.org>  Sun, 06 Apr 2014 15:48:20 +0200

vyatta-cfg-firewall (0.13.91+vyos1+helium1) unstable; urgency=low

  * New branch

 -- Daniil Baturin <daniil@baturin.org>  Sat, 15 Feb 2014 16:06:21 +0100

vyatta-cfg-firewall (0.13.91+hydrogen1) unstable; urgency=low

  * New branch

 -- Daniil Baturin <daniil@baturin.org>  Sun, 17 Nov 2013 00:08:19 +0100

vyatta-cfg-firewall (0.13.91+daisy7) unstable; urgency=low

  * Add config node for firewall config change trap
  * Add script to generate traps
  * Enable generation of SNMP traps on firewall config changes

 -- James Davidson <james.davidson@vyatta.com>  Mon, 10 Jun 2013 08:45:42 -0700

vyatta-cfg-firewall (0.13.91+daisy6) unstable; urgency=low

  * Fixing 8622

 -- Gaurav Sinha <gaurav.sinha@vyatta.com>  Tue, 22 Jan 2013 16:39:42 -0800

vyatta-cfg-firewall (0.13.91+daisy5) unstable; urgency=low

  * fix for 8492. Don't declare error and bail out on attempt to
    deletion of ipset.

 -- Gaurav Sinha <gaurav.sinha@vyatta.com>  Wed, 21 Nov 2012 16:24:23 -0800

vyatta-cfg-firewall (0.13.91+daisy4) unstable; urgency=low

  * Fix rc usage as per ispet_delete and other commands

 -- Gaurav Sinha <gaurav.sinha@vyatta.com>  Tue, 20 Nov 2012 10:36:29 -0800

vyatta-cfg-firewall (0.13.91+daisy3) unstable; urgency=low

  * Bugfix 7613: cleanup firewall groups correctly

 -- John Southworth <john.southworth@vyatta.com>  Mon, 19 Nov 2012 13:15:09 -0800

vyatta-cfg-firewall (0.13.91+daisy2) unstable; urgency=low

  * initial script for reset firewall group command
  * reset functions for named ipset rule implementation with commit lock
  * added reset all groups functions
  * Add warning prompt before doing reset
  * Add signal handler to handle CTRL+C to avoid commit blockade on lock
    file
  * Add show functions for allowed scripts for firewall groups

 -- Gaurav Sinha <gaurav.sinha@vyatta.com>  Mon, 19 Nov 2012 12:33:39 -0800

vyatta-cfg-firewall (0.13.91+daisy1) unstable; urgency=low

  * create daisy branch

 -- John Southworth <john.southworth@vyatta.com>  Sat, 13 Oct 2012 13:30:29 -0700

vyatta-cfg-firewall (0.13.91) unstable; urgency=low

  * new branch

 -- John Southworth <john.southworth@vyatta.com>  Fri, 12 Oct 2012 19:46:43 -0700

vyatta-cfg-firewall (0.13.90) unstable; urgency=low

  * PBR: config command validations, help strings etc. cleaned up and

 -- susheela <susheela.vaidya@vyatta.com>  Sat, 06 Oct 2012 15:09:36 -0700

vyatta-cfg-firewall (0.13.89) unstable; urgency=low

  [ Bharat ]
  * Bug 8200: Changed gred to not display shim6

  [ bharat ]

 -- bharat <bharat@git.vyatta.com>  Thu, 04 Oct 2012 11:55:24 -0700

vyatta-cfg-firewall (0.13.88) unstable; urgency=low

  * Bug 8348: policy route <> rule <> action, 'modify' shouldn't be
    allowed

 -- Robert Bays <robert@vyatta.com>  Thu, 13 Sep 2012 16:53:57 -0700

vyatta-cfg-firewall (0.13.87) unstable; urgency=low

  * 8330: return rule number in error message

 -- Gaurav Sinha <gaurav.sinha@vyatta.com>  Thu, 13 Sep 2012 09:42:12 -0700

vyatta-cfg-firewall (0.13.86) unstable; urgency=low

  * Fixing 3167, mandate multiport values after single port, remove
    misleading error message

 -- Gaurav Sinha <gaurav.sinha@vyatta.com>  Fri, 07 Sep 2012 17:22:05 -0700

vyatta-cfg-firewall (0.13.85) unstable; urgency=low

  * reserve upper table numbers for future use

 -- Robert Bays <robert@vyatta.com>  Wed, 05 Sep 2012 15:32:06 -0700

vyatta-cfg-firewall (0.13.84) unstable; urgency=low

  * initial checkin for pbr functionality
  * update script executable permissions
  * lower priority on policy route node so it is run before interfaces
  * Add val_help for table numbers
  * Table should be between 1-250, not 1-249.
  * changes to policy tables to add accept
  * populate firewall policy tables based on refcount
  * add support for main table

 -- Robert Bays <robert@vyatta.com>  Wed, 05 Sep 2012 14:26:40 -0700

vyatta-cfg-firewall (0.13.83) unstable; urgency=low

  * fix 8200, don't allow shim6 in allowed list of ipv4 protocols for
    firewall

 -- Gaurav Sinha <gaurav.sinha@vyatta.com>  Wed, 29 Aug 2012 17:03:52 -0700

vyatta-cfg-firewall (0.13.82) unstable; urgency=low

  * add conntrack raw table ignore chain
  * move CT_IGNORE chain up, first in raw table

 -- Gaurav Sinha <gaurav.sinha@vyatta.com>  Wed, 22 Aug 2012 17:42:02 -0700

vyatta-cfg-firewall (0.13.81) unstable; urgency=low

  * Bugfix 8271: Remove Vestigial VRRP hooks. The implementation changed
    and these are no longer needed.
  * 0.13.80

 -- John Southworth <john.southworth@vyatta.com>  Thu, 09 Aug 2012 16:53:27 -0700

vyatta-cfg-firewall (0.13.80) unstable; urgency=low

  * Bugfix 8271: Remove Vestigial VRRP hooks. The implementation changed
    and these are no longer needed.

 -- John Southworth <john.southworth@vyatta.com>  Thu, 09 Aug 2012 16:53:20 -0700

vyatta-cfg-firewall (0.13.79) unstable; urgency=low

  * Bugfix 8217: VTI: add firewall cfg commands under interfaces vti
  * 0.13.78

 -- Saurabh Mohan <saurabh@vyatta.com>  Thu, 09 Aug 2012 14:01:58 -0700

vyatta-cfg-firewall (0.13.78) unstable; urgency=low

  * Bugfix 8217: VTI: add firewall cfg commands under interfaces vti

 -- Saurabh Mohan <saurabh@vyatta.com>  Thu, 09 Aug 2012 13:29:07 -0700

vyatta-cfg-firewall (0.13.77) unstable; urgency=low

  * fixing 8173: moving CT_HELPER chain just before CTTIMEOUT

 -- Gaurav Sinha <gaurav.sinha@vyatta.com>  Fri, 22 Jun 2012 15:21:31 -0700

vyatta-cfg-firewall (0.13.76) unstable; urgency=low

  * fix 8112

 -- Gaurav Sinha <gaurav.sinha@vyatta.com>  Mon, 18 Jun 2012 15:13:32 -0700

vyatta-cfg-firewall (0.13.75) unstable; urgency=low

  * Bugfix 8042: increase number of firewall groups to a reasonable
    number

 -- John Southworth <john.southworth@vyatta.com>  Fri, 08 Jun 2012 14:02:27 -0700

vyatta-cfg-firewall (0.13.74) unstable; urgency=low

  * Adding functions to conditionally add CT_HELPER chain and remove
    when not in use, neither by FW nor by NAT.

 -- Gaurav Sinha <gaurav.sinha@vyatta.com>  Thu, 07 Jun 2012 22:17:09 -0700

vyatta-cfg-firewall (0.13.73) unstable; urgency=low

  * create CT_HELPER chain in PREROUTING and OUTPUT
  * don't add CTHELPER chain by default on boot. add when needed.
  * create nfct helper policies and prepare VYATTA_CT_HELPER chain

 -- Gaurav Sinha <gaurav.sinha@vyatta.com>  Wed, 06 Jun 2012 21:47:45 -0700

vyatta-cfg-firewall (0.13.72) unstable; urgency=low

  * Remove sudo from port-group syntax check call

 -- John Southworth <john.southworth@vyatta.com>  Sun, 03 Jun 2012 12:16:21 -0700

vyatta-cfg-firewall (0.13.71) unstable; urgency=low

  * Make firewall syntax checks use the vyatta-util library

 -- John Southworth <john.southworth@vyatta.com>  Sat, 02 Jun 2012 21:05:27 -0700

vyatta-cfg-firewall (0.13.70) unstable; urgency=low

  * No need to have vrrp specific interface templates anymore

 -- John Southworth <john.southworth@vyatta.com>  Tue, 15 May 2012 20:43:09 -0700

vyatta-cfg-firewall (0.13.69) unstable; urgency=low

  * service names with hyphen need to be escaped using square brackets.

 -- Gaurav Sinha <gaurav.sinha@vyatta.com>  Mon, 30 Apr 2012 16:13:31 -0700

vyatta-cfg-firewall (0.13.68) unstable; urgency=low

  * fixing 7998

 -- Gaurav Sinha <gaurav.sinha@vyatta.com>  Mon, 16 Apr 2012 11:12:28 -0700

vyatta-cfg-firewall (0.13.67) unstable; urgency=low

  * include CT_TIMEOUT chain for conntrack timeouts.

 -- Gaurav <gaurav.sinha@vyatta.com>  Fri, 23 Mar 2012 18:18:39 -0700

vyatta-cfg-firewall (0.13.66) unstable; urgency=low

  * new branch

 -- Deepti Kulkarni <deepti@vyatta.com>  Sat, 03 Mar 2012 02:25:26 -0800

vyatta-cfg-firewall (0.13.65) unstable; urgency=low

  * 7047:use DEFLT instead of default

 -- Gaurav <gaurav.sinha@vyatta.com>  Wed, 29 Feb 2012 15:59:30 -0800

vyatta-cfg-firewall (0.13.64) unstable; urgency=low

  * fixing 7047

 -- Gaurav <gaurav.sinha@vyatta.com>  Wed, 29 Feb 2012 13:51:06 -0800

vyatta-cfg-firewall (0.13.63) unstable; urgency=low

  * Bug Fix for 7751, 7753, 7757

 -- Mohit Mehta <mohit@vyatta.com>  Fri, 24 Feb 2012 19:11:48 -0800

vyatta-cfg-firewall (0.13.62) unstable; urgency=low

  * Fix help string of state-policy for related connections

 -- Mohit Mehta <mohit@vyatta.com>  Fri, 06 Jan 2012 11:37:16 -0800

vyatta-cfg-firewall (0.13.61) unstable; urgency=low

  * Create VRRP output filter to filter IGMP from vmac interfaces

 -- John Southworth <john.southworth@vyatta.com>  Tue, 27 Dec 2011 10:32:23 -0800

vyatta-cfg-firewall (0.13.60) unstable; urgency=low

  * Setup filter for VRRP vmac interfaces

 -- John Southworth <john.southworth@vyatta.com>  Mon, 12 Dec 2011 15:18:47 -0800

vyatta-cfg-firewall (0.13.59) unstable; urgency=low

  * Add vrrp interface parameters for bonding vifs

 -- John Southworth <john.southworth@vyatta.com>  Fri, 02 Dec 2011 11:24:59 -0800

vyatta-cfg-firewall (0.13.58) unstable; urgency=low

  * Warn users when stateful rules are set with state-policy configured

 -- Mohit Mehta <mohit@vyatta.com>  Fri, 02 Dec 2011 03:58:22 -0800

vyatta-cfg-firewall (0.13.57) unstable; urgency=low

  [ Daniil Baturin ]
  * Remove conntrack-related templates from firewall
  * Remove remaining conntrack-related templates.
  * Remove conntrack modprobe config file (will be in vyatta-conntrack
    now).
  * Delete conntrack modprobe config file from automake rules.

  [ John Southworth ]
  * generate firewall templates for vrrp interfaces

 -- John Southworth <john.southworth@vyatta.com>  Thu, 01 Dec 2011 16:54:09 -0800

vyatta-cfg-firewall (0.13.56) unstable; urgency=low

  * Bug 6063 ENH: Provide option(s) to globally allow stateful return
    traffic

 -- Mohit Mehta <mohit@vyatta.com>  Thu, 01 Dec 2011 05:38:33 -0800

vyatta-cfg-firewall (0.13.55) unstable; urgency=low

  * Move check-params-on-reboot script for conntrack hash size to

 -- Daniil Baturin <daniil.baturin@vyatta.com>  Thu, 24 Nov 2011 01:05:16 +0700

vyatta-cfg-firewall (0.13.54) unstable; urgency=low

  * Remove conntrack-related code from firewall top level template

 -- Daniil Baturin <daniil.baturin@vyatta.com>  Tue, 08 Nov 2011 04:15:53 +0700

vyatta-cfg-firewall (0.13.53) unstable; urgency=low

  * Force release

 -- Daniil Baturin <daniil.baturin@vyatta.com>  Sat, 05 Nov 2011 06:16:01 +0700

vyatta-cfg-firewall (0.13.52) unstable; urgency=low

  * Remove conntrack-related templates from firewall
  * Remove remaining conntrack-related templates.
  * Remove conntrack modprobe config file (will be in vyatta-conntrack
    now).
  * Change firewall version from 4 to 5.
  * Fix automake rules to reflect version change and removal of
    conntrack modprobe config.

 -- Daniil Baturin <daniil.baturin@vyatta.com>  Sat, 05 Nov 2011 06:14:59 +0700

vyatta-cfg-firewall (0.13.51) unstable; urgency=low

  * Add support for vif on pseudo-ethernet
  * fix duplicate definiton in Makefile
  * Add dependency on version of vyatta-cfg-system

 -- Stephen Hemminger <shemminger@vyatta.com>  Thu, 03 Nov 2011 14:41:47 -0700

vyatta-cfg-firewall (0.13.50) unstable; urgency=low

  [ Stig ]
  * Fix Bug 7477 firewall group negation doesn't work in vc6.3

  [ Mohit Mehta ]

 -- Mohit Mehta <mohit@vyatta.com>  Mon, 29 Aug 2011 14:44:37 -0700

vyatta-cfg-firewall (0.13.49) unstable; urgency=low

  * Fix README

 -- Mohit Mehta <mohit@vyatta.com>  Mon, 18 Jul 2011 19:02:05 -0700

vyatta-cfg-firewall (0.13.48) unstable; urgency=low

  * Fix Bug 7340 Unable to apply modify firewall to interface when zone
    policy exists

 -- Mohit Mehta <mohit@vyatta.com>  Fri, 15 Jul 2011 12:04:29 -0700

vyatta-cfg-firewall (0.13.47) unstable; urgency=low

  * new branch

 -- Deepti Kulkarni <deepti@vyatta.com>  Thu, 07 Jul 2011 20:55:14 -0700

vyatta-cfg-firewall (0.13.46) unstable; urgency=low

  * add "two-stage commit" equivalent to previous fix for bug 5227.

 -- An-Cheng Huang <ancheng@vyatta.com>  Fri, 20 May 2011 12:17:44 -0700

vyatta-cfg-firewall (0.13.45) unstable; urgency=low

  * modify firewall groups to work with new commit

 -- An-Cheng Huang <ancheng@vyatta.com>  Tue, 10 May 2011 09:22:01 +0800

vyatta-cfg-firewall (0.13.44) unstable; urgency=low

  * * Fix Bug 6915 conntrack-hash-size reverts to default after upgrade

 -- Mohit Mehta <mohit@vyatta.com>  Mon, 18 Apr 2011 18:17:25 -0700

vyatta-cfg-firewall (0.13.43) unstable; urgency=low

  * more ipset 6.0 change

 -- An-Cheng Huang <ancheng@vyatta.com>  Mon, 07 Mar 2011 11:42:28 -0800

vyatta-cfg-firewall (0.13.42) unstable; urgency=low

  * changes for ipset 6.0

 -- An-Cheng Huang <ancheng@vyatta.com>  Fri, 04 Mar 2011 19:14:31 -0800

vyatta-cfg-firewall (0.13.41) unstable; urgency=low

  * Partial fix for bug 6759 serial packages are incorrectly included in
    virt ISO

 -- Mohit Mehta <mohit@vyatta.com>  Wed, 02 Feb 2011 12:05:35 -0800

vyatta-cfg-firewall (0.13.40) unstable; urgency=low

  * Fix Bug 6292 iptables chain-name must be reduced to 28 characters
    max

 -- Mohit Mehta <mohit@vyatta.com>  Mon, 10 Jan 2011 17:36:06 -0800

vyatta-cfg-firewall (0.13.39) unstable; urgency=low

  * new branch

 -- An-Cheng Huang <ancheng@vyatta.com>  Tue, 28 Dec 2010 13:47:02 -0800

vyatta-cfg-firewall (0.13.38) unstable; urgency=low

  * Fix help text for firewall interface rules

 -- Stephen Hemminger <stephen.hemminger@vyatta.com>  Mon, 06 Dec 2010 17:08:10 -0800

vyatta-cfg-firewall (0.13.37) unstable; urgency=low

  * Fix help text in generated templates

 -- Stephen Hemminger <stephen.hemminger@vyatta.com>  Fri, 03 Dec 2010 13:48:09 -0800

vyatta-cfg-firewall (0.13.36) unstable; urgency=low

  * Fix 6442: Request to remove "Error: ipt_disable_conntrack failed to
    find

 -- Stig Thormodsrud <stig@vyatta.com>  Mon, 29 Nov 2010 17:27:49 -0800

vyatta-cfg-firewall (0.13.35) unstable; urgency=low

  * Show if logging is enabled on the default action.

 -- Stig Thormodsrud <stig@vyatta.com>  Mon, 29 Nov 2010 15:01:47 -0800

vyatta-cfg-firewall (0.13.34) unstable; urgency=low

  * Use regex to test for name length rather than wc program

 -- Stephen Hemminger <stephen.hemminger@vyatta.com>  Wed, 24 Nov 2010 09:12:43 -0800

vyatta-cfg-firewall (0.13.33) unstable; urgency=low

  * Updated to change in error location api.

 -- Michael Larson <mike@vyatta.com>  Tue, 16 Nov 2010 09:36:48 -0800

vyatta-cfg-firewall (0.13.32) unstable; urgency=low

  * Fix Bug 6421 cannot set content-inspection in the same

 -- Mohit Mehta <mohit@vyatta.com>  Thu, 11 Nov 2010 18:09:13 -0800

vyatta-cfg-firewall (0.13.31) unstable; urgency=low

  * Fix 5247: Firewall groups CLI becomes out of sync with ipset when
    sets and deletes are contained within a single commit

 -- Stig Thormodsrud <stig@vyatta.com>  Sat, 30 Oct 2010 13:20:25 -0700

vyatta-cfg-firewall (0.13.30) unstable; urgency=low

  * use single variable to reference firewall IN and OUT hooks
  * add local hook setup/tear for filter table similar to in|out hooks

 -- Mohit Mehta <mohit@vyatta.com>  Tue, 19 Oct 2010 18:59:56 -0700

vyatta-cfg-firewall (0.13.29) unstable; urgency=low

  * Change snort queue target use default queue.

 -- Stig Thormodsrud <stig@vyatta.com>  Fri, 15 Oct 2010 18:16:38 -0700

vyatta-cfg-firewall (0.13.28) unstable; urgency=low

  * Fix 6296: "iptables: No chain..." message when committing the
    firewall group configuration.

 -- Stig Thormodsrud <stig@vyatta.com>  Fri, 15 Oct 2010 16:38:25 -0700

vyatta-cfg-firewall (0.13.27) unstable; urgency=low

  * missing paren

 -- root <root@debian.vyatta.com>  Fri, 15 Oct 2010 16:09:48 -0700

vyatta-cfg-firewall (0.13.26) unstable; urgency=low

  * additional errors w/ location of error.

 -- root <root@debian.vyatta.com>  Fri, 15 Oct 2010 15:08:19 -0700

vyatta-cfg-firewall (0.13.25) unstable; urgency=low

  [ Stephen Hemminger ]
  * Use Sys::Syslog to avoid calling logger excessively

  [ Stig Thormodsrud ]
  * Add Iptables::Mgr route to get queue target.

 -- Stig Thormodsrud <stig@vyatta.com>  Thu, 14 Oct 2010 14:11:01 -0700

vyatta-cfg-firewall (0.13.24) unstable; urgency=low

  * Fix dependency on sysklogd
  * Fix dependency on virtual-package

 -- Stephen Hemminger <stephen.hemminger@vyatta.com>  Thu, 07 Oct 2010 11:41:43 -0700

vyatta-cfg-firewall (0.13.23) unstable; urgency=low

  * move chain_referenced function to Mgr.pm module

 -- Mohit Mehta <mohit@vyatta.com>  Fri, 01 Oct 2010 11:32:43 -0700

vyatta-cfg-firewall (0.13.22) unstable; urgency=low

  * * move count_iptables_rule to Iptables::Mgr and update it's usage

 -- Mohit Mehta <mohit@vyatta.com>  Tue, 21 Sep 2010 21:16:45 -0700

vyatta-cfg-firewall (0.13.21) unstable; urgency=low

  * * separate out post fw hooks for IN, FWD, OUT. Use
    count_iptables_rule from lib

 -- Mohit Mehta <mohit@vyatta.com>  Tue, 21 Sep 2010 17:35:13 -0700

vyatta-cfg-firewall (0.13.20) unstable; urgency=low

  * rename existing file no matter what; don't need the -n flag

 -- Mohit Mehta <mohit@vyatta.com>  Mon, 13 Sep 2010 15:34:09 -0700

vyatta-cfg-firewall (0.13.19) unstable; urgency=low

  * Fix bug 6149 Warning on boot because of modprobe config file names

 -- Mohit Mehta <mohit@vyatta.com>  Mon, 13 Sep 2010 15:03:33 -0700

vyatta-cfg-firewall (0.13.18) unstable; urgency=low

  * Fix Bug 6149 Warning on boot because of modprobe config file names

 -- Mohit Mehta <mohit@vyatta.com>  Mon, 13 Sep 2010 14:07:16 -0700

vyatta-cfg-firewall (0.13.17) unstable; urgency=low

  * Fix Bug 5309 Allow modifyining TCP MSS option

 -- Mohit Mehta <mohit@vyatta.com>  Fri, 10 Sep 2010 16:49:42 -0700

vyatta-cfg-firewall (0.13.16) unstable; urgency=low

  * add Replaces field for vyatta-cfg-firewall-serial

 -- An-Cheng Huang <ancheng@vyatta.com>  Wed, 08 Sep 2010 11:33:31 -0700

vyatta-cfg-firewall (0.13.15) unstable; urgency=low

  * Split serial templates into separate package

 -- Stephen Hemminger <stephen.hemminger@vyatta.com>  Tue, 07 Sep 2010 08:54:41 -0700

vyatta-cfg-firewall (0.13.14) unstable; urgency=low

  * UNRELEASED

 -- An-Cheng Huang <ancheng@vyatta.com>  Thu, 02 Sep 2010 18:28:11 -0700

vyatta-cfg-firewall (0.13.13) unstable; urgency=low

  * Fix 6125: iptables errors on boot up of mendocino

 -- Stig Thormodsrud <stig@vyatta.com>  Tue, 31 Aug 2010 16:09:26 -0700

vyatta-cfg-firewall (0.13.12) unstable; urgency=low

  * remove low-level config dir usage

 -- An-Cheng Huang <ancheng@vyatta.com>  Tue, 17 Aug 2010 18:24:25 -0700

vyatta-cfg-firewall (0.13.11) unstable; urgency=low

  * update help text to use val_help

 -- An-Cheng Huang <ancheng@vyatta.com>  Tue, 17 Aug 2010 15:31:04 -0700

vyatta-cfg-firewall (0.13.10) unstable; urgency=low

  [ Mohit Mehta ]
  * fix range in help strings for count parameter under recent
  * fix bug 6055 firewall rule help strings are confusing

  [ Stig Thormodsrud ]
  * Fix 5917: FW: Max characters exceeded for ipset rule when using "set
    firewall

 -- Stig Thormodsrud <stig@vyatta.com>  Tue, 17 Aug 2010 10:58:05 -0700

vyatta-cfg-firewall (0.13.9) unstable; urgency=low

  * remove low-level config dir usage

 -- An-Cheng Huang <ancheng@vyatta.com>  Mon, 16 Aug 2010 18:32:41 -0700

vyatta-cfg-firewall (0.13.8) unstable; urgency=low

  * remove CLI backend env variables usage
  * get rid of lintian warnings

 -- An-Cheng Huang <ancheng@vyatta.com>  Wed, 11 Aug 2010 18:46:50 -0700

vyatta-cfg-firewall (0.13.7-94) unstable; urgency=low

  [ Stephen Hemminger ]
  * Convert firewall rules to val_help:

  [ Stig Thormodsrud ]
  * Fix 5917: FW: Max characters exceeded for ipset rule when using "set
    firewall group address-group" command

 -- Stig Thormodsrud <stig@vyatta.com>  Tue, 27 Jul 2010 15:58:57 -0700

vyatta-cfg-firewall (0.13.7-93) unstable; urgency=low

  * UNRELEASED

 -- An-Cheng Huang <ancheng@vyatta.com>  Thu, 22 Jul 2010 17:23:10 -0700

vyatta-cfg-firewall (0.13.7-92) unstable; urgency=low

  * undo verb usage at the start of help strings

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Wed, 21 Jul 2010 14:10:52 -0700

vyatta-cfg-firewall (0.13.7-91) unstable; urgency=low

  * Fix bug 4629 configuration limit of recent count firewall rule is 20

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Thu, 15 Jul 2010 10:55:42 -0700

vyatta-cfg-firewall (0.13.7-90) unstable; urgency=low

  * Fix Bug 5744 unable to use firewall group with recent match
    condition

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Tue, 13 Jul 2010 18:54:01 -0700

vyatta-cfg-firewall (0.13.7-89) unstable; urgency=low

  * Dont tear down conntrack if the other table is using it.

 -- Stig Thormodsrud <stig@vyatta.com>  Sat, 12 Jun 2010 15:47:49 -0700

vyatta-cfg-firewall (0.13.7-88) unstable; urgency=low

  * Dont create FW_CONNTRACK if it already exists.

 -- Stig Thormodsrud <stig@vyatta.com>  Sat, 12 Jun 2010 15:20:36 -0700

vyatta-cfg-firewall (0.13.7-87) unstable; urgency=low

  * Add support for firewall enable-default-log.

 -- Stig Thormodsrud <stig@vyatta.com>  Fri, 11 Jun 2010 18:10:17 -0700

vyatta-cfg-firewall (0.13.7-86) unstable; urgency=low

  * Fix ipt_disable_conntrack() to delete correct chain.

 -- Stig Thormodsrud <stig@vyatta.com>  Fri, 11 Jun 2010 10:21:10 -0700

vyatta-cfg-firewall (0.13.7-85) unstable; urgency=low

  * Infrastruction needed for bug 5583.

 -- Stig Thormodsrud <stig@vyatta.com>  Thu, 10 Jun 2010 15:02:08 -0700

vyatta-cfg-firewall (0.13.7-84) unstable; urgency=low

  * Bugfix 5632: Add ability to configure SIP UDP port numbers.

 -- Bob Gilligan <gilligan@vyatta.com>  Mon, 31 May 2010 00:36:47 -0700

vyatta-cfg-firewall (0.13.7-83) unstable; urgency=low

  * need to restart conntrackd when conntrack table size changes

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Thu, 20 May 2010 19:28:57 -0700

vyatta-cfg-firewall (0.13.7-82) unstable; urgency=low

  * Fix Bug 5588 Add ability to modify conntrack expectation table size

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Mon, 17 May 2010 15:29:58 -0700

vyatta-cfg-firewall (0.13.7-81) unstable; urgency=low

  * add input interface templates
  * Make sure perl packages load successfully

 -- Stephen Hemminger <stephen.hemminger@vyatta.com>  Thu, 06 May 2010 16:19:09 -0700

vyatta-cfg-firewall (0.13.7-80) unstable; urgency=low

  * Add VYATTA_PRE_DNAT_HOOK in nat PREROUTING table.

 -- Stig Thormodsrud <stig@vyatta.com>  Fri, 09 Apr 2010 14:54:20 -0700

vyatta-cfg-firewall (0.13.7-79) unstable; urgency=low

  * Fix 5203: negation in firewall rule causes deprecation message

 -- Stig Thormodsrud <stig@vyatta.com>  Wed, 24 Mar 2010 17:12:32 -0700

vyatta-cfg-firewall (0.13.7-78) unstable; urgency=low

  * Fix firewall group parent delete while still referenced.

 -- Stig Thormodsrud <stig@vyatta.com>  Thu, 18 Mar 2010 19:45:24 -0700

vyatta-cfg-firewall (0.13.7-77) unstable; urgency=low

  * Fix 5453: can't delete "address" under "firewall group <> address-
    group <> "

 -- Stig Thormodsrud <stig@vyatta.com>  Wed, 17 Mar 2010 16:43:04 -0700

vyatta-cfg-firewall (0.13.7-76) unstable; urgency=low

  * Fix 5453: can't delete "address" under "firewall group <> address-
    group <>"

 -- Stig Thormodsrud <stig@vyatta.com>  Wed, 17 Mar 2010 14:32:14 -0700

vyatta-cfg-firewall (0.13.7-75) unstable; urgency=low

  * Fix firewall conntrack teardown.

 -- Stig Thormodsrud <stig@vyatta.com>  Fri, 05 Mar 2010 11:43:23 -0800

vyatta-cfg-firewall (0.13.7-74) unstable; urgency=low

  * UNRELEASED

 -- An-Cheng Huang <ancheng@vyatta.com>  Wed, 17 Feb 2010 16:13:01 -0800

vyatta-cfg-firewall (0.13.7-73) unstable; urgency=low

  * Fix 5227: firewall group config can get out of sync with ipset

 -- Stig Thormodsrud <stig@vyatta.com>  Mon, 15 Feb 2010 13:10:57 -0800

vyatta-cfg-firewall (0.13.7-72) unstable; urgency=low

  [ Stephen Hemminger ]
  * Remove old Xorp template

  [ Stig Thormodsrud ]
  * Fix 5326: firewall group address range wraps at 255.

 -- Stig Thormodsrud <stig@vyatta.com>  Fri, 12 Feb 2010 13:12:03 -0800

vyatta-cfg-firewall (0.13.7-71) unstable; urgency=low

  * Fix 5248: Firewall config and show commands hang when showing and
    committing address groups.

 -- Stig Thormodsrud <stig@vyatta.com>  Fri, 22 Jan 2010 15:01:46 -0800

vyatta-cfg-firewall (0.13.7-70) unstable; urgency=low

  * Add same restrictions to ipv6-firewall name

 -- Stephen Hemminger <stephen.hemminger@vyatta.com>  Mon, 04 Jan 2010 16:08:14 -0800

vyatta-cfg-firewall (0.13.7-69) unstable; urgency=low

  * Add VIF for wireless templates
  * Don't allow spaces or other shell-confusing characters in firewall
    name

 -- Stephen Hemminger <stephen.hemminger@vyatta.com>  Mon, 04 Jan 2010 15:26:19 -0800

vyatta-cfg-firewall (0.13.7-68) unstable; urgency=low

  * Fix Bug 5173 Firewall becomes out of sync with iptables when logging
    is used

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Tue, 22 Dec 2009 21:01:08 -0800

vyatta-cfg-firewall (0.13.7-67) unstable; urgency=low

  * added required keyword to help text.

 -- Michael Larson <slioch@slioch.vyatta.com>  Mon, 30 Nov 2009 15:31:39 -0800

vyatta-cfg-firewall (0.13.7-66) unstable; urgency=low

  * dependencyupdate

 -- Michael Larson <slioch@slioch.vyatta.com>  Fri, 13 Nov 2009 14:16:15 -0800

vyatta-cfg-firewall (0.13.7-65) unstable; urgency=low

  * move priority after tag nodes.

 -- slioch <slioch@eng-140.vyatta.com>  Wed, 21 Oct 2009 09:18:12 -0700

vyatta-cfg-firewall (0.13.7-64) unstable; urgency=low

  * add priority to node.def files.

 -- slioch <slioch@eng-140.vyatta.com>  Tue, 20 Oct 2009 16:22:22 -0700

vyatta-cfg-firewall (0.13.7-63) unstable; urgency=low

  * Change syntax exec to syntax pattern.

 -- Stig Thormodsrud <stig@vyatta.com>  Fri, 02 Oct 2009 18:18:32 -0700

vyatta-cfg-firewall (0.13.7-62) unstable; urgency=low

  * Bugfix 4951: Don't fail if IPv6 kernel module is not loaded.

 -- Bob Gilligan <gilligan@vyatta.com>  Tue, 22 Sep 2009 15:54:19 -0700

vyatta-cfg-firewall (0.13.7-61) unstable; urgency=low

  [ rbays ]
  * fix for bug 4794 SIP Helper/ALG module does not translate RTP
    traffic...

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Mon, 31 Aug 2009 12:29:12 -0700

vyatta-cfg-firewall (0.13.7-60) unstable; urgency=low

  * Add templates for wireless devices

 -- Stephen Hemminger <stephen.hemminger@vyatta.com>  Thu, 20 Aug 2009 13:42:49 -0700

vyatta-cfg-firewall (0.13.7-59) unstable; urgency=low

  * * Fix Bug 3625 Firewall protocol option should have a selection for
    TCP and UDP

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Fri, 07 Aug 2009 18:56:15 -0700

vyatta-cfg-firewall (0.13.7-58) unstable; urgency=low

  * prevent possible situation where the two iptables rules for match
    condition

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Thu, 06 Aug 2009 12:01:29 -0700

vyatta-cfg-firewall (0.13.7-57) unstable; urgency=low

  [ Stig Thormodsrud ]
  * Fix 4683: Firewall Rule number maximum 1024 reached
  * Another attempt to fix 4760.

  [ Mohit Mehta ]
  * add tcp_udp as a valid key to hash. feature developer is responsible

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Wed, 05 Aug 2009 12:35:54 -0700

vyatta-cfg-firewall (0.13.7-56) unstable; urgency=low

  [ Stephen Hemminger ]
  * remove pseudo-ethernet vif

 -- Stig Thormodsrud <stig@vyatta.com>  Fri, 10 Jul 2009 16:57:49 -0700

vyatta-cfg-firewall (0.13.7-55) unstable; urgency=low

  * Firewall groups fail on bootup - change syntax check to commit
    check.
  * Fix negate of firewall group.

 -- Stig Thormodsrud <stig@vyatta.com>  Mon, 15 Jun 2009 18:11:15 -0700

vyatta-cfg-firewall (0.13.7-54) unstable; urgency=low

  * Fix 4581: Firewall name issue causes failed commit

 -- Stig Thormodsrud <stig@vyatta.com>  Sun, 14 Jun 2009 11:25:43 -0700

vyatta-cfg-firewall (0.13.7-53) unstable; urgency=low

  * Change syntax err msg from default-policy to default-action.

 -- Stig Thormodsrud <stig@vyatta.com>  Tue, 02 Jun 2009 20:23:39 -0700

vyatta-cfg-firewall (0.13.7-52) unstable; urgency=low

  * Change firewall default-policy to default-action.

 -- Stig Thormodsrud <stig@vyatta.com>  Tue, 02 Jun 2009 18:52:16 -0700

vyatta-cfg-firewall (0.13.7-51) unstable; urgency=low

  * * fix syntax error message

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Tue, 02 Jun 2009 18:03:59 -0700

vyatta-cfg-firewall (0.13.7-50) unstable; urgency=low

  * Make firewall group comp_help more consistent with the rest of the
    cli.

 -- Stig Thormodsrud <stig@vyatta.com>  Tue, 02 Jun 2009 15:41:44 -0700

vyatta-cfg-firewall (0.13.7-49) unstable; urgency=low

  * * add default value of 1 for 'limit burst' in its node.def

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Tue, 02 Jun 2009 12:25:46 -0700

vyatta-cfg-firewall (0.13.7-48) unstable; urgency=low

  * UNRELEASED

 -- An-Cheng Huang <ancheng@vyatta.com>  Fri, 29 May 2009 18:35:06 -0700

vyatta-cfg-firewall (0.13.7-47) unstable; urgency=low

  * Bugfix 4462: Fix typo in interface name references.

 -- Bob Gilligan <gilligan@vyatta.com>  Thu, 28 May 2009 15:39:53 -0700

vyatta-cfg-firewall (0.13.7-46) unstable; urgency=low

  [ Stephen Hemminger ]
  * remove unused ifrename

  [ Mohit Mehta ]
  * explicitly set conntrack table size to 16384 on system boot

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Wed, 27 May 2009 14:08:26 -0700

vyatta-cfg-firewall (0.13.7-45) unstable; urgency=low

  * Fix 4390: Firewall config error: Cannot specify multiple ports when
    both

 -- Stig Thormodsrud <stig@vyatta.com>  Thu, 14 May 2009 16:43:44 -0700

vyatta-cfg-firewall (0.13.7-44) unstable; urgency=low

  * rectify regex check

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Wed, 13 May 2009 18:18:58 -0700

vyatta-cfg-firewall (0.13.7-43) unstable; urgency=low

  * Fix Bug 4394 reject is an invalid action for rules in modify
    rulesets

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Tue, 12 May 2009 12:17:15 -0700

vyatta-cfg-firewall (0.13.7-42) unstable; urgency=low

  * Add 'reject' as a configurable value for default-policy

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Mon, 11 May 2009 16:58:26 -0700

vyatta-cfg-firewall (0.13.7-41) unstable; urgency=low

  [ Bob Gilligan ]
  * Bugfix 4340:  Enable net.netfilter.nf_conntrack_tcp_be_liberal by
    default.

  [ Mohit Mehta ]
  * Fix Bug 4388 firewall name shouldn't have been set after commit
    failed

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Fri, 08 May 2009 17:19:24 -0700

vyatta-cfg-firewall (0.13.7-40) unstable; urgency=low

  * * don't allow user to create a chain that exists in the system. This
    may be

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Tue, 05 May 2009 11:51:19 -0700

vyatta-cfg-firewall (0.13.7-39) unstable; urgency=low

  * * setup table only for specific tree, not both filter and mangle

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Fri, 01 May 2009 16:33:59 -0700

vyatta-cfg-firewall (0.13.7-38) unstable; urgency=low

  * Handle files moved from other packages to this package.

 -- Bob Gilligan <gilligan@vyatta.com>  Wed, 29 Apr 2009 16:01:44 -0700

vyatta-cfg-firewall (0.13.7-37) unstable; urgency=low

  * Rename virtual-ethernet to pseudo-ethernet

 -- Stephen Hemminger <stephen.hemminger@vyatta.com>  Wed, 29 Apr 2009 12:33:08 -0700

vyatta-cfg-firewall (0.13.7-36) unstable; urgency=low

  * outlaw applying firewall to an interface that is defined under a
    zone

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Mon, 27 Apr 2009 17:20:49 -0700

vyatta-cfg-firewall (0.13.7-35) unstable; urgency=low

  * Disable firewall debuging by default.

 -- Stig Thormodsrud <stig@vyatta.com>  Mon, 27 Apr 2009 15:37:15 -0700

vyatta-cfg-firewall (0.13.7-34) unstable; urgency=low

  * enable/disable conntrack separately for ipv4/ipv6

 -- Stig Thormodsrud <stig@vyatta.com>  Fri, 24 Apr 2009 18:17:26 -0700

vyatta-cfg-firewall (0.13.7-33) unstable; urgency=low

  * Move setup/teardown out from top-level firewall node.

 -- Stig Thormodsrud <stig@vyatta.com>  Fri, 24 Apr 2009 16:20:03 -0700

vyatta-cfg-firewall (0.13.7-32) unstable; urgency=low

  [ Stephen Hemminger ]
  * Add support for virtual-ethernet

  [ Bob Gilligan ]
  * bugfix 4297:  Don't allow modify rulesets on local traffic.

 -- Bob Gilligan <gilligan@vyatta.com>  Fri, 24 Apr 2009 14:32:27 -0700

vyatta-cfg-firewall (0.13.7-31) unstable; urgency=low

  * Fix Bug 4261 - Features missing in various firewall sub-trees

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Wed, 22 Apr 2009 16:25:44 -0700

vyatta-cfg-firewall (0.13.7-30) unstable; urgency=low

  * Add conntrack and post firewall hooks for IPv6.

 -- Bob Gilligan <gilligan@vyatta.com>  Mon, 13 Apr 2009 15:15:40 -0700

vyatta-cfg-firewall (0.13.7-29) unstable; urgency=low

  * Move firewall "end" processing down to each table.
  * Fix bug where an empty firewall rule deletes the default drop
    policy.

 -- Stig Thormodsrud <stig@vyatta.com>  Mon, 13 Apr 2009 13:58:29 -0700

vyatta-cfg-firewall (0.13.7-28) unstable; urgency=low

  * Fix faulty search loop.
  * Add ability for firename to select default policy.

 -- Stig Thormodsrud <stig@vyatta.com>  Thu, 09 Apr 2009 11:28:51 -0700

vyatta-cfg-firewall (0.13.7-27) unstable; urgency=low

  * Apply interface firewalls to separate VYATTA_(IN|OUT)_HOOK.

 -- Stig Thormodsrud <stig@vyatta.com>  Tue, 07 Apr 2009 19:46:53 -0700

vyatta-cfg-firewall (0.13.7-26) unstable; urgency=low

  * Bugfix 4261: Add support to configure "limit" for IPv6 modify
    rulesets.

 -- Bob Gilligan <gilligan@vyatta.com>  Fri, 03 Apr 2009 14:21:44 -0700

vyatta-cfg-firewall (0.13.7-25) unstable; urgency=low

  * Bugfix 4261: Add support to configure "limit" in IPv6.

 -- Bob Gilligan <gilligan@vyatta.com>  Fri, 03 Apr 2009 14:13:10 -0700

vyatta-cfg-firewall (0.13.7-24) unstable; urgency=low

  [ Stig Thormodsrud ]
  * Allow user configurable default-policy on firewall.
  * Revert "Allow user configurable default-policy on firewall."

  [ Stephen Hemminger ]
  * Cleanup perl code that generates templates

  [ Stig Thormodsrud ]
  * Remove extra carriage return that was breaking the generated
    firewall

 -- Stig Thormodsrud <stig@vyatta.com>  Tue, 31 Mar 2009 18:02:34 -0700

vyatta-cfg-firewall (0.13.7-23) unstable; urgency=low

  * * add 'redirect' to Valid ICMPv6 Types

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Thu, 26 Mar 2009 11:32:39 -0700

vyatta-cfg-firewall (0.13.7-22) unstable; urgency=low

  * Doing strict ES won't work for router

 -- Stephen Hemminger <stephen.hemminger@vyatta.com>  Fri, 13 Mar 2009 10:19:02 -0700

vyatta-cfg-firewall (0.13.7-21) unstable; urgency=low

  * Enable strict host matching
  * Don't use -P

 -- Stephen Hemminger <stephen.hemminger@vyatta.com>  Thu, 12 Mar 2009 11:32:50 -0700

vyatta-cfg-firewall (0.13.7-20) unstable; urgency=low

  * Bugfix 4203: Name of template should be classical-ipoa, not
    classical_ipoa

 -- Bob Gilligan <gilligan@vyatta.com>  Tue, 10 Mar 2009 16:34:31 -0700

vyatta-cfg-firewall (0.13.7-19) unstable; urgency=low

  * Automatically generate more per-interface firewall templates.

 -- Bob Gilligan <gilligan@vyatta.com>  Mon, 09 Mar 2009 11:19:04 -0700

vyatta-cfg-firewall (0.13.7-18) unstable; urgency=low

  * Remove per-interface firewall templates; They are now generated.

 -- Bob Gilligan <gilligan@vyatta.com>  Fri, 06 Mar 2009 17:09:08 -0800

vyatta-cfg-firewall (0.13.7-17) unstable; urgency=low

  * Don't attempt to delete ruleset from "other" trees

 -- Bob Gilligan <gilligan@vyatta.com>  Wed, 04 Mar 2009 12:00:51 -0800

vyatta-cfg-firewall (0.13.7-16) unstable; urgency=low

  * Fix generated templates for ethernet vifs.

 -- Bob Gilligan <gilligan@vyatta.com>  Tue, 03 Mar 2009 18:15:47 -0800

vyatta-cfg-firewall (0.13.7-15) unstable; urgency=low

  [ Stig Thormodsrud ]
  * Revert "Make sure to quote $VAR(@)."
  * Use single quote around $VAR(@).

  [ Bob Gilligan ]
  * The generated-templates directory holds only derived files.

  [ Stig Thormodsrud ]
  * Add allow/comp_help to firewall action.
  * Limit address range to a /24, but make easy to change if it's deam
    too restrictive.
  * Prevent ';' from being used in a firewall name.
  * Fix 3422: fw logging fails if logprefix is too long (> 29
    characters)

 -- Stig Thormodsrud <stig@io.vyatta.com>  Sun, 01 Mar 2009 12:17:09 -0800

vyatta-cfg-firewall (0.13.7-14) unstable; urgency=low

  [ Stig Thormodsrud ]
  * Limit firewall name to 29 characters since that is the
    iptables/ip6tables

  [ Mohit Mehta ]
  * add ipv6 accept_redirects and accept_source_route under firewall

  [ Stig Thormodsrud ]
  * Make sure to quote $VAR(@).

  [ Mohit Mehta ]

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Tue, 24 Feb 2009 18:56:15 -0800

vyatta-cfg-firewall (0.13.7-13) unstable; urgency=low

  [ Mohit Mehta ]
  * Fix Bug 4150 enable loose reverse path filtering

  [ Bob Gilligan ]
  * Allow IPv6 firewall rulesets to be configured on an interface
    independent of IPv4.

 -- Bob Gilligan <gilligan@vyatta.com>  Tue, 24 Feb 2009 16:43:15 -0800

vyatta-cfg-firewall (0.13.7-12) unstable; urgency=low

  * Add "ipv6-modify" firewall configuration sub-tree.

 -- Bob Gilligan <gilligan@vyatta.com>  Mon, 23 Feb 2009 12:00:44 -0800

vyatta-cfg-firewall (0.13.7-11) unstable; urgency=low

  * Fix Bug 3951 default values for kernel tunable security parameters
    under firewall
  * Fix Bug 3951 default values for kernel tunable security parameters
    under firewall

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Thu, 19 Feb 2009 19:14:17 -0800

vyatta-cfg-firewall (0.13.7-10) unstable; urgency=low

  * Multiple updates for IPv6:

 -- Bob Gilligan <gilligan@vyatta.com>  Wed, 18 Feb 2009 16:52:51 -0800

vyatta-cfg-firewall (0.13.7-9) UNRELEASED; urgency=low

  * Add check for address range starting with higher address.
  * Add natural-order sort for displaying address/network groups.

 -- Stig Thormodsrud <stig@io.vyatta.com>  Mon, 16 Feb 2009 13:28:42 -0800
	
vyatta-cfg-firewall (0.13.7-8) UNRELEASED; urgency=low

  * Add support for ranges in firewall group address & port.
  * Change delete_member_range to use the same subnet prefix.
  * Reduce duplicate code.

 -- Stig Thormodsrud <stig@io.vyatta.com>  Mon, 16 Feb 2009 11:59:41 -0800

vyatta-cfg-firewall (0.13.7-7) unstable; urgency=low

  [ Mohit Mehta ]
  * no need to use loop to echo allowed values

  [ Stig Thormodsrud ]
  * Add allow values for firewall groups.
  * Add firewall group nodes to firewall modify.
  * Add check for combining network-group and address-group.
  * Add support for "show firewall group".
  * Cache exists() to reduce calls to external /usr/sbin/ipset.
  * Add show-set to display all sets.

  [ Mohit Mehta ]
  * Fix Bug 4074 firewall broadcast ping parameter needs to be clarified

  [ Stig Thormodsrud ]
  * Add description and references to "show firewall group".
  * Make "show firewall group" work for operator.

 -- Stig Thormodsrud <stig@io.vyatta.com>  Fri, 13 Feb 2009 20:52:51 -0800

vyatta-cfg-firewall (0.13.7-6) unstable; urgency=low

  [ Stig Thormodsrud ]
  * Add back parameter that was dropped when converting to use
    run_cmd().
  * Add more firewall group validation before calling ipset.
  * Add more validation of firewall network-group before calling ipset.
  * Add space in front of match rule just in case other match rules
    don't.
  * Clean up mapping between vyatta firewall group_type vs ipset
    set_type.
  * Change sudo usage to be more consistent.
  * Add check for combination of IP range and network-group.

  [ Mohit Mehta ]
  * better off storing icmp type-names than depend on iptables help

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Thu, 12 Feb 2009 17:33:55 -0800

vyatta-cfg-firewall (0.13.7-5) unstable; urgency=low

  * Delete commented out code.
  * Add validation of group type.
  * Add carriage return to error message.

 -- Stig Thormodsrud <stig@io.vyatta.com>  Mon, 09 Feb 2009 10:22:42 -0800

vyatta-cfg-firewall (0.13.7-4) unstable; urgency=low

  * changing debian version string

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Thu, 05 Feb 2009 18:52:36 -0800

vyatta-cfg-firewall (0.13.7-3) unstable; urgency=low

  [ Stig Thormodsrud ]
  * Reduce duplicate code.
  * Reduce duplicate code in setup/setupOrig.
  * Add validation that group and non-groups can't be used in the same
    src/dst rule.
  * Reduce duplicate code in setup/setupOrig.

  [ Mohit Mehta ]
  * display appropriate anywhere address depending on IPv4 or IPv6

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Thu, 05 Feb 2009 18:41:00 -0800

vyatta-cfg-firewall (0.13.7-2) unstable; urgency=low

  [ Bob Gilligan ]
  * Rever to specific IP version in help text.
  * Bugfix 4052: Support PPPOE over an ethernet VIF.

  [ Stig Thormodsrud ]
  * Add 1st pass of firewall group support (ipset netfilter module
  * Fix call to returnValue that should be returnOrigValue.

  [ Stephen Hemminger ]
  * Remove prototype
  * Enable strict checking
  * Fix perlcritic warnings
  * Turn on strict checking and fix warnings

 -- Stephen Hemminger <stephen.hemminger@vyatta.com>  Tue, 03 Feb 2009 09:24:52 -0800

vyatta-cfg-firewall (0.13.7-1) unstable; urgency=low

  * Fix Bug 2741 ENH: filter based on ICMP Type/code by name

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Fri, 30 Jan 2009 18:39:18 -0800

vyatta-cfg-firewall (0.13.7) unstable; urgency=low

  [ Bob Gilligan ]
  * Add support for IPv6 address ranges.

  [ Mohit Mehta ]
  * Use iptables comment to identify CLI rule numbers in iptables output

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Fri, 30 Jan 2009 11:17:19 -0800

vyatta-cfg-firewall (0.13.6) unstable; urgency=low

  * Fix Bug 2474 https://bugzilla.vyatta.com/show_bug.cgi?id=2474

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Mon, 26 Jan 2009 16:45:01 -0800

vyatta-cfg-firewall (0.13.5) unstable; urgency=low

  * Bugfix 4062: Don't reference parameters outside the config tree.

 -- Bob Gilligan <gilligan@vyatta.com>  Fri, 23 Jan 2009 14:09:27 -0800

vyatta-cfg-firewall (0.13.4) unstable; urgency=low

  * Initial support for IPv6.

 -- Bob Gilligan <gilligan@vyatta.com>  Thu, 22 Jan 2009 13:36:29 -0800

vyatta-cfg-firewall (0.13.3) unstable; urgency=low

  * UNRELEASED
  * - Fix Bug 2223 Add rate rate limiting / burst limiting functions to
    the Vyatta firewall
  * Fix Bug 3653 Add the ability to configure time-based firewall rules
  * Fix Bug 3653 Add the ability to configure time-based firewall rules

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Fri, 16 Jan 2009 18:33:11 -0800

vyatta-cfg-firewall (0.13.2) unstable; urgency=low

  * UNRELEASED
  * Fix Bug 3653 Add the ability to configure time-based firewall rules

 -- Mohit Mehta <mohit.mehta@vyatta.com>  Tue, 13 Jan 2009 18:09:11 -0800

vyatta-cfg-firewall (0.13.1) unstable; urgency=low

  [ An-Cheng Huang ]
  * add support for development build

  [ Stephen Hemminger ]
  * Rename VyattaIpTablesRule to Vyatta::IpTables::Rule
  * Convert to Vyatta::Config
  * Convert VyattaConfig to Vyatta::Config
  * Fix reference to Vyatta::Misc

  [ An-Cheng Huang ]
  * fix for perl module reorganization
  * add ipp2p config options

  [ Stig Thormodsrud ]
  * Convert to use Vyatta::

  [ Bob Gilligan ]
  * Cleanup firewall templates for readability.  Update help strings to
    reflect IPv4.

  [ Stig Thormodsrud ]
  * Warning are now enabled - don't reference undefined values.

  [ An-Cheng Huang ]
  * update maintainer information
  * "files" file should be removed before package build

  [ Stig Thormodsrud ]
  * Fix 3626: Not all protocol numbers are accepted in firewall rules.
  * Fix 2563: Add firewall-rule specific disable configuration
    parameter.

  [ An-Cheng Huang ]

 -- An-Cheng Huang <ancheng@vyatta.com>  Thu, 08 Jan 2009 09:20:14 -0800

vyatta-cfg-firewall (0.13) unstable; urgency=low

	  3.2.0
  [ Mark O'Brien ]


  [ Bob Gilligan ]
  * Bugfix: 3684

  [ Stephen Hemminger ]
  * add firewall hooks for ethernet bonding

  [ An-Cheng Huang ]
  * fix for bug 3622: add pre-SNAT hook
  * fix for bug 3604: add fragment matching options
  * fix conntrack enabling mechanism
  * fix for bug 2224: add "recent" matching

  [ Mark O'Brien ]

 -- Mark O'Brien <mobrien@firebolt.vyatta.com>  Tue, 25 Nov 2008 19:08:40 -0800

vyatta-cfg-firewall (0.12) unstable; urgency=low

	  3.1.3
  [ Mark O'Brien ]


  [ An-Cheng Huang ]
  * fix conntrack enabling mechanism

  [ Mark O'Brien ]

 -- Mark O'Brien <mobrien@firebolt.vyatta.com>  Tue, 19 Aug 2008 17:48:24 -0700

vyatta-cfg-firewall (0.11) unstable; urgency=low

	  3.1.1
  [ Mark O'Brien ]


  [ An-Cheng Huang ]
  * increment firewall config syntax version for hollywood.

  [ Mark O'Brien ]

 -- Mark O'Brien <mobrien@firebolt.vyatta.com>  Sat, 28 Jun 2008 11:22:07 -0700

vyatta-cfg-firewall (0.10) unstable; urgency=low

	  3.1.0
  [ Mark O'Brien ]


  [ Stephen Hemminger ]
  * Use regular snmpd

  [ Bob Gilligan ]
  * Bugfix: 2120
  * Bugfix: 2122

  [ rbalocca ]
  * Add vyatta-snmpd

  [ An-Cheng Huang ]
  * rename "mangle" to "modify"

  [ rbalocca ]
  * Ignore derived files

  [ An-Cheng Huang ]
  * allow firewall rule to match inbound IPsec packets.
  * add "inspect" action (maps to QUEUE) so "custom" traffic-filter for
    IPS
  * add mangle table support to firewall configuration. initial
    implementation

  [ rbalocca ]
  * Convert to our method of changelog creation

  [ Bob Gilligan ]
  * Add firewall templates for PPPOA, PPPOE, and classical IP over ATM,
    on

  [ Mohit Mehta ]
  * Fix Bug 3069 Help strings should be standardized

  [ An-Cheng Huang ]
  * add post-firewall hook for other features
  * fix for bug 3127: look for an exact match to replace/delete.

  [ Mark O'Brien ]

 -- Mark O'Brien <mobrien@firebolt.vyatta.com>  Tue, 17 Jun 2008 09:26:05 -0700

vyatta-cfg-firewall (0.9) unstable; urgency=low

  3.0.5


 -- Mark O'Brien <mobrien@vyatta.com>  Tue, 06 May 2008 12:43:09 -0700

vyatta-cfg-firewall (0.8) unstable; urgency=low

  3.0.4


 -- Mark O'Brien <mobrien@vyatta.com>  Mon, 05 May 2008 16:40:28 -0700

vyatta-cfg-firewall (0.7) unstable; urgency=low

  3.0.3
  [ Mark O'Brien ]


  [ rbalocca ]
  * Indicate the VC4.0.2 release candidate in the changelog

  [ Mark O'Brien ]

 -- Mark O'Brien <mobrien@vyatta.com>  Tue, 29 Apr 2008 16:42:09 -0700

vyatta-cfg-firewall (0.6) unstable; urgency=low

  VC4.0.2
  [ Mark O'Brien ]


  [ An-Cheng Huang ]
  * fix for bug 3167: get the actual return status from iptables.
  * fix for bug 3167: disallow multiport specification if both source
    and

  [ Mark O'Brien ]

 -- Mark O'Brien <mobrien@vyatta.com>  Sat, 19 Apr 2008 11:55:56 -0700

vyatta-cfg-firewall (0.5) unstable; urgency=low

  VC4.0.2 release candidate
  [ Mark O'Brien ]


  [ An-Cheng Huang ]
  * fix for bug 3127: look for an exact match to replace/delete.

  [ Mark O'Brien ]

 -- Mark O'Brien <mobrien@vyatta.com>  Wed, 16 Apr 2008 09:49:51 -0700

vyatta-cfg-firewall (0.4) unstable; urgency=low

  3.0.2
  [ Mark O'Brien ]

  * 3.0.1

  [ rbalocca ]
  * Fix debian dependencies
  * Set dependencies on either bash or vyatta-bash

  [ Mark O'Brien ]

 -- Mark O'Brien <mobrien@vyatta.com>  Fri, 04 Apr 2008 18:00:16 -0700

vyatta-cfg-firewall (0.3) unstable; urgency=low

  VC4.0.1
  [ Mark O'Brien ]


  [ An-Cheng Huang ]
  * fix a problem in the interaction between "firewall" and
    "interfaces".

  [ Stephen Hemminger ]
  * Replace VPL with GPLv2
  * Change to GPLv2
  * Update debian/copyright for GPLv2
  * update from VPL1 to GPLv2

  [ Mark O'Brien ]

 -- Mark O'Brien <mobrien@vyatta.com>  Tue, 18 Mar 2008 19:03:26 -0700

vyatta-cfg-firewall (0.2) unstable; urgency=low

  vc4.0.0
  [ Mark O'Brien ]


  [ An-Cheng Huang ]
  * convert templates to new syntax
  * fix for bug 2591: update help text
  * fix for bug 2528: collapse source/destination "address" and
    "network".
  * fix for bug 2789: merge port configuration options.
  * merge ports in show output
  * merge address range into address
  * add address validation
  * move common module to vyatta-cfg

  [ Bob Gilligan ]
  * Extend firewall support to PPPOE interfaces.

  [ Stig Thormodsrud ]
  * Add firewall node to tunnel interface
  * Remove vif node as it's not valid for tunnel interfaces.

  [ Mark O'Brien ]

 -- Mark O'Brien <mobrien@vyatta.com>  Mon, 25 Feb 2008 17:38:04 -0800

vyatta-cfg-firewall (0.1) unstable; urgency=low

  * Initial Release.

 -- Bob Gilligan <gilligan@vyatta.com>  Mon, 10 Dec 2007 11:03:18 -0700
